NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d6dfb23a40
kumquat-buildroot/package/python-bottle/python-bottle.hash
Peter Korsgaard 14cc349d26 package/python-bottle: security bump to version 0.12.19 
Fixes the following security issue:

CVE-2020-28473: The package bottle from 0 and before 0.12.19 are vulnerable
to Web Cache Poisoning by using a vector called parameter cloaking.  When
the attacker can separate query parameters using a semicolon (;), they can
cause a difference in the interpretation of the request between the proxy
(running with default configuration) and the server.  This can result in
malicious requests being cached as completely safe ones, as the proxy would
usually not see the semicolon as a separator, and therefore would not
include it in a cache key of an unkeyed parameter.

In addition, bottle 0.12.18 fixed a compatibility issue with python 3.8+:

https://github.com/bottlepy/bottle/issues/1181

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-04 18:15:16 +01:00

6 lines
326 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/bottle/json
md5 50075544706b5e662a3fbd9a98e24b07 bottle-0.12.19.tar.gz
sha256 a9d73ffcbc6a1345ca2d7949638db46349f5b2b77dac65d6494d45c23628da2c bottle-0.12.19.tar.gz
# Locally computed sha256 checksums
sha256 d0e7211f1c3c1a1c56f39d18bcb07f27f480c8a9552617756dda3a335933b8a6 LICENSE
Reference in New Issue View Git Blame Copy Permalink